Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/8nzpMy7Dn-AKIysHRLsKcshtxSM.roa
File:                     8nzpMy7Dn-AKIysHRLsKcshtxSM.roa (raw, json)
Hash identifier:          c8kBvZrOkKOSuW96w+S82jk/nsuFu1VjvrnxScTcndQ=
Subject key identifier:   F2:7C:E9:33:2E:C3:9F:E0:0A:23:2B:07:44:BB:0A:72:C8:6D:C5:23
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018D7E73827CEFC51334454D7F1A1B07D9E1
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/8nzpMy7Dn-AKIysHRLsKcshtxSM.roa
Signing time:             Tue 06 Feb 2024 12:45:15 +0000
ROA not before:           Tue 06 Feb 2024 12:45:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        163.5.74.0/24 maxlen: 24
                          163.5.83.0/24 maxlen: 24
                          163.5.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7e:73:82:7c:ef:c5:13:34:45:4d:7f:1a:1b:07:d9:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Feb  6 12:45:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f27ce9332ec39fe00a232b0744bb0a72c86dc523
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:53:84:7f:aa:82:74:d5:e6:e7:4d:3e:b3:c8:
                    2a:72:f6:55:44:d6:df:28:48:b4:f8:b7:df:8b:a5:
                    be:78:c4:c0:f8:0b:b0:23:77:1a:03:16:a8:9a:8a:
                    38:91:ab:ed:82:6a:66:13:ee:3d:df:50:ad:63:0f:
                    92:e6:6b:ac:7b:67:81:3b:c1:31:85:7f:43:88:4e:
                    a1:72:f3:cf:d0:44:9c:6f:a9:7d:28:8b:6a:18:ab:
                    41:2d:76:33:37:45:2b:2d:a8:31:85:7d:47:5b:da:
                    cb:19:9d:b6:34:e7:69:df:9d:24:af:a0:ab:b6:6c:
                    46:05:b7:05:65:b7:bb:dc:74:2a:c2:a4:eb:f0:9f:
                    3a:68:62:f5:36:ca:bd:25:87:a8:d6:70:b1:9e:9a:
                    69:cd:60:8c:b7:9e:19:81:8a:00:10:0c:4d:29:d4:
                    78:1c:c9:7c:e7:b0:71:3e:db:8c:04:b0:db:fe:56:
                    c1:ab:93:a8:66:a9:ef:91:0e:9f:07:89:41:83:db:
                    c2:6c:53:af:8e:88:18:1a:d6:d3:52:6e:f1:02:55:
                    04:9d:81:69:29:ea:dc:33:fa:51:7d:6e:53:c7:bd:
                    20:d9:ac:a1:86:cb:8c:0b:40:50:c8:37:b1:26:7e:
                    49:c9:ce:70:06:d9:47:22:33:3b:c0:e9:44:4c:29:
                    31:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:7C:E9:33:2E:C3:9F:E0:0A:23:2B:07:44:BB:0A:72:C8:6D:C5:23
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/8nzpMy7Dn-AKIysHRLsKcshtxSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.74.0/24
                  163.5.83.0/24
                  163.5.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:26:68:92:58:d0:51:6f:19:35:51:ee:48:a3:5a:0c:de:1b:
         1b:57:25:5b:9a:f2:de:89:cc:6e:87:fb:1c:c5:7a:58:1e:a1:
         3a:a6:4a:5d:48:cb:87:3d:f3:94:a9:55:46:b6:f1:b2:dd:c0:
         0a:5b:9c:8e:1f:54:67:24:a4:76:e8:04:fd:9b:f3:cc:46:48:
         87:1c:61:9a:41:ec:c0:7e:70:f2:0b:00:a8:43:b6:51:b9:15:
         79:15:29:f1:7c:bb:a9:32:3d:51:8c:c1:4c:01:89:bd:ec:4a:
         8e:0f:69:80:c5:8a:a4:32:94:5f:8f:76:c2:c1:63:23:9a:5b:
         9d:b9:37:8c:c6:55:95:90:fb:41:06:07:67:8c:bd:99:04:36:
         8c:08:80:4d:ab:0c:85:a8:07:ae:47:20:d3:98:64:c7:8a:b0:
         1e:e8:9e:8c:e0:fb:4a:24:b9:71:1a:9f:58:07:6c:1d:13:ce:
         9b:31:40:6b:40:b5:7a:c9:c4:95:1e:51:4c:6b:43:b5:28:17:
         e2:9d:b6:d6:1f:95:2a:9b:52:70:83:51:ca:aa:7c:87:70:73:
         64:c0:79:de:f1:84:1b:20:64:2d:5a:4f:6e:8f:21:82:81:1c:
         7b:3f:96:7a:e2:c2:64:0a:c3:06:10:a2:7e:10:33:f3:39:8c:
         c9:64:2c:c8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY1+c4J878UTNEVNfxobB9nhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMjA2MTI0NTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjdjZTkzMzJlYzM5ZmUwMGEyMzJiMDc0NGJiMGE3MmM4NmRjNTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVOEf6qCdNXm500+s8gqcvZVRNbf
KEi0+Lffi6W+eMTA+AuwI3caAxaomoo4kavtgmpmE+4931CtYw+S5muse2eBO8Ex
hX9DiE6hcvPP0EScb6l9KItqGKtBLXYzN0UrLagxhX1HW9rLGZ22NOdp350kr6Cr
tmxGBbcFZbe73HQqwqTr8J86aGL1Nsq9JYeo1nCxnpppzWCMt54ZgYoAEAxNKdR4
HMl857BxPtuMBLDb/lbBq5OoZqnvkQ6fB4lBg9vCbFOvjogYGtbTUm7xAlUEnYFp
KercM/pRfW5Tx70g2ayhhsuMC0BQyDexJn5Jyc5wBtlHIjM7wOlETCkxkQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPJ86TMuw5/gCiMrB0S7CnLIbcUjMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvOG56cE15N0RuLUFLSXlzSFJMc0tjc2h0eFNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAowVKAwQA
owVTAwQAowWXMA0GCSqGSIb3DQEBCwUAA4IBAQBrJmiSWNBRbxk1Ue5Io1oM3hsb
VyVbmvLeicxuh/scxXpYHqE6pkpdSMuHPfOUqVVGtvGy3cAKW5yOH1RnJKR26AT9
m/PMRkiHHGGaQezAfnDyCwCoQ7ZRuRV5FSnxfLupMj1RjMFMAYm97EqOD2mAxYqk
MpRfj3bCwWMjmluduTeMxlWVkPtBBgdnjL2ZBDaMCIBNqwyFqAeuRyDTmGTHirAe
6J6M4PtKJLlxGp9YB2wdE86bMUBrQLV6ycSVHlFMa0O1KBfinbbWH5Uqm1Jwg1HK
qnyHcHNkwHne8YQbIGQtWk9ujyGCgRx7P5Z64sJkCsMGEKJ+EDPzOYzJZCzI
-----END CERTIFICATE-----